Over 10,500 Zimbra Collaboration Suite servers remain unpatched and vulnerable to active exploitation of CVE-2025-48700, a cross-site scripting flaw affecting ZCS versions 8.8.15 through 10.1. The vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in a victim's session simply by sending a crafted email — no user interaction beyond viewing the message is required. CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch within three days. Shadowserver reports most vulnerable servers are concentrated in Asia and Europe. The flaw echoes a pattern of Zimbra XSS exploits being weaponized by state-backed groups including APT28 (Fancy Bear) and APT29 (Cozy Bear) in espionage campaigns targeting government and NATO-aligned organizations.